hadoop-common-issues mailing list archives

From "Alejandro Abdelnur (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10719) Add generateEncryptedKey and decryptEncryptedKey methods to KeyProvider
Date Thu, 03 Jul 2014 00:44:25 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14050923#comment-14050923 ]

Alejandro Abdelnur commented on HADOOP-10719:
---------------------------------------------

The extension classes are lightweight classes and in some cases will be implemented by the
keyprovider itself, so I wouldn't worry about the caching thing.

Some additional feedback on the patch: 

KeyProviderCryptoExtension.Factory: I think we could get rid of the factory inner class and simply
have a static method:
{code}
  public static KeyProviderCryptoExtension getCryptoExtension(
      KeyProvider keyProvider, Configuration conf) {
    if (keyProvider instanceof CryptoExtension) {
      return new KeyProviderCryptoExtension(keyProvider,
          (CryptoExtension) keyProvider);
    } else {
      return new KeyProviderCryptoExtension(keyProvider, 
          new DefaultCryptoExtension(keyProvider, conf));
    }
  }
{code}

Also, we should maybe get rid of the Configuration param and have KeyProvider have a getConf()
method and use that one to create the DefaultCryptoExtension.

KeyProviderCryptoExtension.DefaultCryptoExtension should be a private class.

KeyProviderCryptoExtension.DefaultCryptoExtension#generateEncryptedKey() should be using Cipher
instead of CryptoCodec in trunk; in fs-encryption we should change it, both here and in decryptEncryptedKey(),
to use CryptoCodec.


> Add generateEncryptedKey and decryptEncryptedKey methods to KeyProvider
> -----------------------------------------------------------------------
>
>                 Key: HADOOP-10719
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10719
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Arun Suresh
>         Attachments: HADOOP-10719.1.patch, HADOOP-10719.2.patch, HADOOP-10719.patch, HADOOP-10719.patch, HADOOP-10719.patch, HADOOP-10719.patch, HADOOP-10719.patch
>
>
> This is a follow up on [HDFS-6134|https://issues.apache.org/jira/browse/HDFS-6134?focusedCommentId=14036044&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-14036044]
> KeyProvider API should have 2 new methods:
> * KeyVersion generateEncryptedKey(String keyVersionName, byte[] iv)
> * KeyVersion decryptEncryptedKey(String keyVersionName, byte[] iv, KeyVersion encryptedKey)
> The implementation would do a known transformation on the IV (i.e.: xor with 0xff the original IV).



--
This message was sent by Atlassian JIRA
(v6.2#6252)
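
Added example, not part of the original message or of any HADOOP-10719 patch: a sketch of the two methods from the issue description built on javax.crypto.Cipher, with the IV XORed with 0xff before use. The class name EncryptedKeyDemo, the use of raw byte[] key material in place of KeyVersion, the AES/CTR/NoPadding transformation and the 16-byte IV are assumptions made for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
// Hypothetical demo class (assumption), not Hadoop's KeyProviderCryptoExtension.
public class EncryptedKeyDemo {
  // Assumption: AES in CTR mode via javax.crypto.Cipher; the issue names no algorithm.
  private static final String TRANSFORM = "AES/CTR/NoPadding";

  // The known transformation from the issue description: XOR every IV byte with 0xff.
  static byte[] deriveIv(byte[] iv) {
    byte[] out = new byte[iv.length];
    for (int i = 0; i < iv.length; i++) out[i] = (byte) (iv[i] ^ 0xff);
    return out;
  }

  private static byte[] crypt(int mode, byte[] keyMaterial, byte[] iv, byte[] in)
      throws GeneralSecurityException {
    if (iv.length != 16) throw new IllegalArgumentException("IV must be 16 bytes");
    Cipher c = Cipher.getInstance(TRANSFORM);
    c.init(mode, new SecretKeySpec(keyMaterial, "AES"), new IvParameterSpec(deriveIv(iv)));
    return c.doFinal(in);
  }

  // Returns a fresh random key in encrypted form only; with CTR, never reuse an IV per key.
  static byte[] generateEncryptedKey(byte[] keyMaterial, byte[] iv)
      throws GeneralSecurityException {
    byte[] newKey = new byte[keyMaterial.length];
    new SecureRandom().nextBytes(newKey);
    try { return crypt(Cipher.ENCRYPT_MODE, keyMaterial, iv, newKey); }
    finally { Arrays.fill(newKey, (byte) 0); } // wipe the plaintext key
  }

  static byte[] decryptEncryptedKey(byte[] keyMaterial, byte[] iv, byte[] encryptedKey)
      throws GeneralSecurityException {
    return crypt(Cipher.DECRYPT_MODE, keyMaterial, iv, encryptedKey);
  }

  public static void main(String[] args) throws Exception {
    byte[] kek = new byte[16], iv = new byte[16]; // constructed sample values
    SecureRandom rnd = new SecureRandom(); rnd.nextBytes(kek); rnd.nextBytes(iv);
    byte[] eek = generateEncryptedKey(kek, iv);
    byte[] dek = decryptEncryptedKey(kek, iv, eek);
    // Round trip: re-encrypting the recovered key reproduces the stored ciphertext.
    System.out.println(Arrays.equals(eek, crypt(Cipher.ENCRYPT_MODE, kek, iv, dek)));
  }
}
```

CTR mode carries no integrity check, so decrypting with the wrong key material or IV returns a different key without raising an error.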
